Updating root zone file bind

28 May

Now DNSSEC enabled DNS resolvers (like Google Public DNS) can verify the authenticity of a DNS reply (containing an IP address) using the public DNSKEY record. Master Nameserver: IP Address: Hostname: master.OS: Debian 7 Slave Nameserver: IP Address: Hostname: slave.OS: Cent OS The names and locations of configuration and zone files of BIND different according to the Linux distribution used.A Resource Record (RR) contains a specific information about the domain. Service name: bind9 Main configuration file: [email protected]:/var/cache/bind# dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE Generating key pair...................... 007 62910 [email protected]:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o -t zone Verifying the zone using the following algorithms: NSEC3RSASHA1.Increasing this value allows remote nameservers to cache the zone information for a longer period of time, reducing the number of queries for the zone and lengthening the amount of time required to proliferate resource record changes. Next, two nameservers are listed as authoritative for the domain. The documentation is unmodified to be compliant with upstream distribution policy.It is not important whether these nameservers are slaves or if one is a master; they are both still considered authoritative. Neither Cent OS-5 nor the Cent OS Project are in any way affiliated with or sponsored by Red Hat®, Inc.

Directives are optional, but resource records are required to provide name service to a zone.

On Unix-like operating systems it is the de facto standard.

Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley (UCB), the name originates as an acronym from Berkeley Internet Name Domain.

In fact, these two latter servers will ever be referred to in the configuration because the xxxbox will be in charge of resolving names if the packet destination isn't known.

Consequently, I consider the xxxbox like a primary server outside of our domain.